CVE-2021-47795

MEDIUM EXPLOITED

GeoVision GeoWebServer 5.3.3 - Path Traversal and Remote Code Execution via WebStrings.srf Endpoint

Title source: llm

Exploitation Summary

CVE-2021-47795 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Ken Pyle.

AI-analyzed exploit summary: This exploit demonstrates multiple vulnerabilities in GeoVision Geowebserver <= 5.3.3, including LFI, XSS, and RCE via improper input sanitization. It provides specific attack vectors and payloads for exploitation.

Description

GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts.

Exploits (1)

exploitdb WORKING POC
by Ken Pyle · text · webapps · hardware
https://www.exploit-db.com/exploits/50211

Classification: Working PoC 90%
Attack Type: LFI | XSS | RCE
Complexity: Trivial
Reliability: Reliable
Target: GeoVision Geowebserver <= 5.3.3
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/50211

Scores

CVSS v3 6.2
EPSS 0.0088
EPSS Percentile 54.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2026-01-25
CWE CWE-22
Status published
Products (1)
Geovision/GeoVision Geowebserver <= 5.3.3
Published Jan 16, 2026
Tracked Since Feb 18, 2026